diff options
author | Tom Lane | 2007-12-11 02:31:49 +0000 |
---|---|---|
committer | Tom Lane | 2007-12-11 02:31:49 +0000 |
commit | 416efe39bee2b76e5cb187d9d29717eca581e296 (patch) | |
tree | 5bd38608d4423fafab871db9113dca14ed16e841 | |
parent | 46f7c42bd45c65fc470b834c93580e91e1323a18 (diff) |
Remove the -P options of oid2name and pgbench, as they are security
hazards. Instead teach these programs to prompt for a password when
necessary, just like all our other programs.
I did not bother to invent -W switches for them, since the return on
investment seems so low.
-rw-r--r-- | contrib/oid2name/oid2name.c | 65 | ||||
-rw-r--r-- | contrib/pgbench/pgbench.c | 64 | ||||
-rw-r--r-- | doc/src/sgml/oid2name.sgml | 6 | ||||
-rw-r--r-- | doc/src/sgml/pgbench.sgml | 5 |
4 files changed, 81 insertions, 59 deletions
diff --git a/contrib/oid2name/oid2name.c b/contrib/oid2name/oid2name.c index 5d5cf5733e..9e19edfbc0 100644 --- a/contrib/oid2name/oid2name.c +++ b/contrib/oid2name/oid2name.c @@ -4,6 +4,7 @@ * * Originally by * B. Palmer, [email protected] 1-17-2001 + * * $PostgreSQL$ */ #include "postgres_fe.h" @@ -43,7 +44,6 @@ struct options char *hostname; char *port; char *username; - char *password; }; /* function prototypes */ @@ -76,10 +76,9 @@ get_opts(int argc, char **argv, struct options * my_opts) my_opts->hostname = NULL; my_opts->port = NULL; my_opts->username = NULL; - my_opts->password = NULL; /* get opts */ - while ((c = getopt(argc, argv, "H:p:U:P:d:t:o:f:qSxish?")) != -1) + while ((c = getopt(argc, argv, "H:p:U:d:t:o:f:qSxish?")) != -1) { switch (c) { @@ -123,11 +122,6 @@ get_opts(int argc, char **argv, struct options * my_opts) my_opts->username = mystrdup(optarg); break; - /* password */ - case 'P': - my_opts->password = mystrdup(optarg); - break; - /* display system tables */ case 'S': my_opts->systables = true; @@ -166,8 +160,6 @@ get_opts(int argc, char **argv, struct options * my_opts) " -H host connect to remote host\n" " -p port host port to connect to\n" " -U username username to connect with\n" - " -P password password for username\n" - " (see also $PGPASSWORD and ~/.pgpass)\n" ); exit(1); break; @@ -275,22 +267,49 @@ PGconn * sql_conn(struct options * my_opts) { PGconn *conn; + char *password = NULL; + bool new_pass; - /* login */ - conn = PQsetdbLogin(my_opts->hostname, - my_opts->port, - NULL, /* options */ - NULL, /* tty */ - my_opts->dbname, - my_opts->username, - my_opts->password); - - /* deal with errors */ - if (PQstatus(conn) != CONNECTION_OK) + /* + * Start the connection. Loop until we have a password if requested by + * backend. + */ + do { - fprintf(stderr, "%s: connection to database '%s' failed.\n", "oid2name", my_opts->dbname); - fprintf(stderr, "%s", PQerrorMessage(conn)); + new_pass = false; + conn = PQsetdbLogin(my_opts->hostname, + my_opts->port, + NULL, /* options */ + NULL, /* tty */ + my_opts->dbname, + my_opts->username, + password); + if (!conn) + { + fprintf(stderr, "%s: could not connect to database %s\n", + "oid2name", my_opts->dbname); + exit(1); + } + + if (PQstatus(conn) == CONNECTION_BAD && + PQconnectionNeedsPassword(conn) && + password == NULL && + !feof(stdin)) + { + PQfinish(conn); + password = simple_prompt("Password: ", 100, false); + new_pass = true; + } + } while (new_pass); + + if (password) + free(password); + /* check to see that the backend connection was successfully made */ + if (PQstatus(conn) == CONNECTION_BAD) + { + fprintf(stderr, "%s: could not connect to database %s: %s", + "oid2name", my_opts->dbname, PQerrorMessage(conn)); PQfinish(conn); exit(1); } diff --git a/contrib/pgbench/pgbench.c b/contrib/pgbench/pgbench.c index 977ff9691d..340846505b 100644 --- a/contrib/pgbench/pgbench.c +++ b/contrib/pgbench/pgbench.c @@ -94,7 +94,6 @@ char *pgport = ""; char *pgoptions = NULL; char *pgtty = NULL; char *login = NULL; -char *pwd = NULL; char *dbName; /* variable definitions */ @@ -188,8 +187,8 @@ static char *select_only = { static void usage(void) { - fprintf(stderr, "usage: pgbench [-h hostname][-p port][-c nclients][-t ntransactions][-s scaling_factor][-D varname=value][-n][-C][-v][-S][-N][-f filename][-l][-U login][-P password][-d][dbname]\n"); - fprintf(stderr, "(initialize mode): pgbench -i [-h hostname][-p port][-s scaling_factor] [-F fillfactor] [-U login][-P password][-d][dbname]\n"); + fprintf(stderr, "usage: pgbench [-h hostname][-p port][-c nclients][-t ntransactions][-s scaling_factor][-D varname=value][-n][-C][-v][-S][-N][-f filename][-l][-U login][-d][dbname]\n"); + fprintf(stderr, "(initialize mode): pgbench -i [-h hostname][-p port][-s scaling_factor] [-F fillfactor] [-U login][-d][dbname]\n"); } /* random number generator */ @@ -218,32 +217,50 @@ executeStatement(PGconn *con, const char *sql) static PGconn * doConnect(void) { - PGconn *con; + PGconn *conn; + static char *password = NULL; + bool new_pass; - con = PQsetdbLogin(pghost, pgport, pgoptions, pgtty, dbName, - login, pwd); - if (con == NULL) + /* + * Start the connection. Loop until we have a password if requested by + * backend. + */ + do { - fprintf(stderr, "Connection to database '%s' failed.\n", dbName); - fprintf(stderr, "Memory allocatin problem?\n"); - return (NULL); - } + new_pass = false; - if (PQstatus(con) == CONNECTION_BAD) - { - fprintf(stderr, "Connection to database '%s' failed.\n", dbName); + conn = PQsetdbLogin(pghost, pgport, pgoptions, pgtty, dbName, + login, password); + if (!conn) + { + fprintf(stderr, "Connection to database \"%s\" failed\n", + dbName); + return NULL; + } - if (PQerrorMessage(con)) - fprintf(stderr, "%s", PQerrorMessage(con)); - else - fprintf(stderr, "No explanation from the backend\n"); + if (PQstatus(conn) == CONNECTION_BAD && + PQconnectionNeedsPassword(conn) && + password == NULL && + !feof(stdin)) + { + PQfinish(conn); + password = simple_prompt("Password: ", 100, false); + new_pass = true; + } + } while (new_pass); - return (NULL); + /* check to see that the backend connection was successfully made */ + if (PQstatus(conn) == CONNECTION_BAD) + { + fprintf(stderr, "Connection to database \"%s\" failed:\n%s", + dbName, PQerrorMessage(conn)); + PQfinish(conn); + return NULL; } - executeStatement(con, "SET search_path = public"); + executeStatement(conn, "SET search_path = public"); - return (con); + return conn; } /* throw away response from backend */ @@ -1258,7 +1275,7 @@ main(int argc, char **argv) memset(state, 0, sizeof(*state)); - while ((c = getopt(argc, argv, "ih:nvp:dc:t:s:U:P:CNSlf:D:F:")) != -1) + while ((c = getopt(argc, argv, "ih:nvp:dc:t:s:U:CNSlf:D:F:")) != -1) { switch (c) { @@ -1333,9 +1350,6 @@ main(int argc, char **argv) case 'U': login = optarg; break; - case 'P': - pwd = optarg; - break; case 'l': use_log = true; break; diff --git a/doc/src/sgml/oid2name.sgml b/doc/src/sgml/oid2name.sgml index f4c4f3df47..027229b352 100644 --- a/doc/src/sgml/oid2name.sgml +++ b/doc/src/sgml/oid2name.sgml @@ -110,12 +110,6 @@ <entry><literal>-U</literal> <replaceable>username</></entry> <entry>username to connect as</entry> </row> - - <row> - <entry><literal>-P</literal> <replaceable>password</></entry> - <entry>password (deprecated — putting this on the command line - is a security hazard)</entry> - </row> </tbody> </tgroup> </table> diff --git a/doc/src/sgml/pgbench.sgml b/doc/src/sgml/pgbench.sgml index 967180ed1c..88b85f0f4b 100644 --- a/doc/src/sgml/pgbench.sgml +++ b/doc/src/sgml/pgbench.sgml @@ -282,11 +282,6 @@ pgbench <optional> <replaceable>options</> </optional> <replaceable>dbname</> <entry><literal>-U</literal> <replaceable>login</></entry> <entry>username to connect as</entry> </row> - <row> - <entry><literal>-P</literal> <replaceable>password</></entry> - <entry>password (deprecated — putting this on the command line - is a security hazard)</entry> - </row> </tbody> </tgroup> </table> |